Closed Bug 304388 Opened 19 years ago Closed 19 years ago

Add hostname to title bar of windows that don't have location bars

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox1.5

People

(Reporter: jruderman, Assigned: dveditz)

References

Details

(Keywords: csectype-spoof, fixed1.8, Whiteboard: [sg:fix])

Attachments

(1 file, 1 obsolete file)

including merged xpfe/global changes
(deleted), patch
dveditz
: review+
bzbarsky
: superreview+
asa
: approval1.8b5+
Details | Diff | Splinter Review 
https://bugzilla.mozilla.org/show_bug.cgi?id=22183#c238 was only checked in on
the branch.  In a security bug meeting on Tuesday, we decided to do the same
thing for Firefox 1.5 (and trunk?).  I'll leave bug 22183 open for a long-term
solution.
Flags: blocking1.8b4?
Whiteboard: [sg:fix]
Attached patch update dveditz's patch to trunk (obsolete) (deleted) β€” β€” Splinter Review 
I hand-applied dveditz's patch
(https://bugzilla.mozilla.org/show_bug.cgi?id=22183#c238) to the trunk and
edited a few code comments.  I wasn't able to test the code in
nsContentTreeOwner::SetTitle because the code in tabbrowser always seems to be
what determines the window title in Firefox.  I left out the SeaMonkey-specific
part of the patch.

cvs diff -p
xpfe/appshell/src/nsContentTreeOwner.cpp 
content/html/document/src/nsHTMLDocument.cpp 
toolkit/content/widgets/tabbrowser.xml
Attachment #192787 - Flags: superreview?(bzbarsky)
Attachment #192787 - Flags: review?(mconnor)
Comment on attachment 192787 [details] [diff] [review]
update dveditz's patch to trunk

It'll take me some time to get to this...  not even sure how much.
How can I test nsContentTreeOwner::SetTitle?  Build Camino?
Comment on attachment 192787 [details] [diff] [review]
update dveditz's patch to trunk

I'm not really a good reviewer for appshell or content code, it should be a
peer in the appropriate module if at all possible.
Attachment #192787 - Flags: review?(mconnor) → review?(dbaron)
<sigh> I wish we'd had time to do something better. Still, as long as we don't
see this as the long-term solution...

Gerv
Flags: blocking1.8b4? → blocking1.8b4+
Target Milestone: --- → Firefox1.5
Whiteboard: [sg:fix] → [sg:fix][needs review dbaron, SR bzbarsky]
So is there a reason this is not patching both tabbrowsers?  Is there a reason
that embedding builds don't have the same problem... or do they?

That said, doesn't the nsContentTreeOwner code just run whenever you load a new
page in a non-tabbrowser setup?  Just remove the hookup of the DOMTitleChanged
listener in tabbrowser to exercise it visually, I think.  And file a followup
bug on the fact that we have this code in 3 different places?
> So is there a reason this is not patching both tabbrowsers?

I don't build Seamonkey and didn't realize I was expected to help maintain that
fork.  If you want me to build Seamonkey, I can.

I don't know the answers to your other questions.  dveditz (the original author
of the patch) might.
Comment on attachment 192787 [details] [diff] [review]
update dveditz's patch to trunk

This needs at least a similar patch for xpfe and a check on whether
nsWebBrowser has similar issues, as well as testing of the nsContentTreeOwner
code.  Please rerequest review when those have happened.
Attachment #192787 - Flags: superreview?(bzbarsky) → superreview-
Attachment #192787 - Flags: review?(dbaron)
we're gonna have to take what we did for 1.0  because we dont' have anything
better and time's run out. Dan, can you drive this in?
Assignee: jruderman → dveditz
Attached patch including merged xpfe/global changes (deleted) β€” β€” Splinter Review 

  

  



        Attachment #192787 -
        Attachment is obsolete: true

        Attachment #197923 -
        Flags: superreview?(bzbarsky)

        Attachment #197923 -
        Flags: review?(jruderman)

    
  
Whiteboard: [sg:fix][needs review dbaron, SR bzbarsky] → [sg:fix][needs review jruderman, SR bzbarsky]

    
    

    
  
Comment on attachment 197923 [details] [diff] [review]
including merged xpfe/global changes

r=myself, this is just a trunk merge of a previously reviewed patch (r=mconnor,
sr=bzbarsky, a=asa)

Still requesting sr=bz since he had a problem with the first version here.

  

  



        Attachment #197923 -
        Flags: review?(jruderman) → review+

    
    

    
  
Comment on attachment 197923 [details] [diff] [review]
including merged xpfe/global changes

I guess this is ok given the situation, but could we please file a bug to have
one and only one place where this code lives by 1.9?

  

  



        Attachment #197923 -
        Flags: superreview?(bzbarsky) → superreview+

    
  
Whiteboard: [sg:fix][needs review jruderman, SR bzbarsky] → [sg:fix]

    
  

        Attachment #197923 -
        Flags: approval1.8b5+

    
    

    
  
fixed on trunk

  

  


Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

    
    

    
  
fix checked into 1.8 branch

  

  


Keywords: fixed1.8

    
    

    
  
Comment on attachment 197923 [details] [diff] [review]
including merged xpfe/global changes

I checked Editor and it has its own title setting code to, so it's unaffected
by this change.

  

  



    
    

    
  
(In reply to comment #12)
>could we please file a bug to have one and only one place where this code lives
For anyone interested in fixing this follow-up bug, preliminary investigation
suggests that one of the callers of updateTitlebar is unnecessary and the other
caller can be worked around by setting this.contentDocument.title to itself.

  

  



    
  
Depends on: 310696

    
  
Depends on: 312426

    
    

    
  
Did we ever get this followup filed?

Also, note that this patch caused bug 317750 (though imo that site is just broken).

  

  



    
    

    
  
How did this break bug 317750?  Does the site's JavaScript somehow see the modified title?

  

  



    
  
Keywords: csec-spoof

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: